code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious activity or critical security risks were identified in the analyzed files.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted data from external code reviewers.
- Ingestion points: External feedback received during the code review process (referenced in
references/code-review-reception.md). - Boundary markers: Absent for raw data, but the skill includes extensive behavioral guardrails, such as the requirement to "verify technically" and "be skeptical" of external input.
- Capability inventory: Access to shell for
gitoperations, build systems, and test execution tools. - Sanitization: The skill mandates a verification workflow (READ → UNDERSTAND → VERIFY → EVALUATE) before any external suggestion is implemented.
- [COMMAND_EXECUTION] (LOW): The skill utilizes standard development tools (git) and instructs the agent to identify and run verification commands (e.g.,
npm test,make build). This behavior is consistent with the skill's stated purpose of technical verification and does not involve suspicious remote downloads or privilege escalation.
Audit Metadata